Even if you don't capture personal data, the information you do capture needs to be protected.
Data in transit
Most Agents are located inside the application infrastructure, either on web or on application servers. For performance reasons, communication between the Agent and the Collector is in plain format, that is, unencrypted. For both performance and security reasons, the Collector should be located in the same network and behind a firewall.
Because data transmission between Classic Agents and Collectors is not encrypted by default, you must either restrict physical access to the network or put a Collector on the same machine as the Agent. If that is not possible, you can enforce SSL communication between Classic Agents and Collectors.
With the AppMon Agent, traffic between Agents and Collectors is encrypted end-to-end with HTTPS.
If the AppMon Server is located outside the application infrastructure, place Collectors in the local network and enforce SSL encryption between Collectors and the AppMon Server.
See Set up SSL communication to learn how to configure secure communications.
It's a good practice to keep all of your connections secure. Be sure to use safe protocols.
You may also consider using your own SSL certificate. See Certificate Management configuration to learn how to manage certificates in AppMon.
Data at rest
After your data is securely delivered to the AppMon Server, you need to take care to store it safely.
First of all, in production environments the AppMon Server must always be located behind a firewall.
The Server stores and processes cyclic measures and PurePath metrics data as a live session. A live session contains a number of bulk files that are kept in plain format for performance reasons. Plain means that AppMon does not encrypt the data. However, live session information has a short retention time based on the available storage and configuration.
Operating system permissions deployed on the live session, combined with physical access controls, are the minimum requirements for protecting stored information from direct access. Additionally, you can use external tools to encrypt the live session. Full disk encryption is recommended because it normally does not interfere with performance. You can use dm-crypt on Linux servers or BitLocker on Windows servers for the encryption of data partitions. Self-encrypting hard drives are also an option.
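An added example (not taken from the AppMon documentation) of checking both controls described above on a Linux server: it lists live session files that other users can access and tests whether the block device under the directory has a dm-crypt layer. The directory path is a placeholder, the function names are hypothetical, and findmnt and lsblk from util-linux are assumed to be installed.

```shell
#!/bin/sh
# Added example: audit the directory that holds the AppMon live session.
# SESSION_DIR is a placeholder; substitute the storage path of your installation.
SESSION_DIR="${SESSION_DIR:-/path/to/live-session}"

# Print every file or directory under $1 that grants any access to "other".
# POSIX find only: -perm -NNN matches when all bits in NNN are set.
loose_perms() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Read an lsblk TYPE column on stdin (the device and its parents, one per
# line) and succeed if any layer of the stack is a dm-crypt mapping.
has_crypt_layer() {
    awk '$1 == "crypt" { found = 1 } END { exit !found }'
}

# Resolve the block device backing $1 and test its stack for dm-crypt.
# Covers LVM on top of LUKS as well, because lsblk -s lists parent devices.
is_on_dmcrypt() {
    src=$(findmnt -n -o SOURCE -T "$1") || return 2
    lsblk -n -s -o TYPE "$src" 2>/dev/null | has_crypt_layer
}

# Report both findings; return non-zero if either control is missing.
audit() {
    rc=0
    loose=$(loose_perms "$1")
    if [ -n "$loose" ]; then
        printf 'accessible to other users:\n%s\n' "$loose"
        rc=1
    fi
    if ! is_on_dmcrypt "$1"; then
        printf 'no dm-crypt layer found under %s\n' "$1"
        rc=1
    fi
    return $rc
}

# Run the audit only once the placeholder points at a real directory.
if [ -d "$SESSION_DIR" ]; then audit "$SESSION_DIR"; fi
```

Self-encrypting drives and other hardware encryption do not appear as a crypt layer in lsblk, so a negative result from the second check only means dm-crypt is not in use.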
The Performance Warehouse, which stores performance metrics over a longer period of time in a relational database, is less likely to hold confidential data. PurePath information that contains confidential strings is usually stripped out. Access controls and encryption may also be applied to the Performance Warehouse database system.
Apart from restricting access on the operating system level, you can also fine-tune access levels to AppMon. See the Control access to AppMon section below to learn more.
Control access to AppMon
Operators can use the AppMon Client and AppMon Web to inspect recorded metrics and thus potentially access confidential information. It is a best practice to restrict access to confidential information. Configure AppMon with user permissions, so only people who need to know are able to inspect confidential data.
AppMon user permissions
AppMon allows you to fine-tune users' access levels to data and configuration features. See User permissions and authentication to learn how to configure users and Permissions mapping to learn about available permissions.
Permissions allow you to restrict access to AppMon on a need-to-know basis. You can configure who can access confidential data, who can access configurations and so on. You can review changes in permission assignments via the audit log files in the System Information dashlet.
AppMon user authentication
To ensure reliable and secure user authentication, it is a best practice to use existing LDAP or Active Directory user groups. Specify an LDAP group to which AppMon users must belong. Activate SSL encryption for LDAP authentication. See Users - LDAP to learn more.
AppMon 2018 April: You can also reuse your authentication services and use your corporate credentials to log in to AppMon by using the SAML Single Sign-On functionality. See SAML/SSO configuration to learn more.
If you opt to use AppMon user accounts, change passwords of built-in users immediately after installation. You may also change IDs of built-in users. Admin is the only ID that cannot be changed. Be sure to set a strong password for the admin user account, as it has full access to AppMon.
AppMon allows you to mark certain information as restricted. To access the respective settings, in the AppMon Client select Settings > Dynatrace Server > Settings, and click the Confidential Strings tab.
Here you can define which data is confidential. It can be hidden in AppMon Client, AppMon Web, and also on session export. See Handling confidential strings to learn more.
On session export, for example, to allow a developer to review an erroneous session, you can remove confidential strings from it. If it is necessary to see the method arguments, you can use a screen sharing or web conference tool to give screen access and record the session for auditing purposes.